aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/cert
Commit message (Collapse)AuthorAgeFilesLines
* Merge GH #567/GH #457 TLS refactoring and Callbacks interfaceJack Lloyd2016-08-311-1/+0
|\
| * Reverted proposed constructor changes to X509_CA.Matthias Gierlings2016-06-193-41/+17
| | | | | | | | | | - Removed Certificate_Properties class used to wrap X509_CA parameters. - Whitespace cleanup.
| * Reduction of code complexity in MP & ECC classes.Matthias Gierlings2016-06-193-0/+3
| | | | | | | | | | | | - reduced number of parameters in various methods - introduced structures and renamed variables to improve code readability.
| * Reduction of code complexity in TLS classes.Matthias Gierlings2016-06-193-17/+37
| | | | | | | | | | | | | | -reduced number of parameters in various methods -reduced cyclomatic complexity (McCabe-Metric) -removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover from heartbeat extension removal?)
* | Change allowed_usage key usage checks to match RFC 5280Jack Lloyd2016-08-301-2/+4
| | | | | | | | GH #611
* | Fix TLS server cert validation problem GH #611Jack Lloyd2016-08-291-3/+3
| | | | | | | | Fallout from #591
* | Rename find_constraints() and let it throw instead of returning a combinationRené Korthaus2016-08-194-32/+59
| |
* | Fix allowed_usage() and add tests for key usageRené Korthaus2016-08-172-2/+2
| |
* | Fix GH #425 and run x509 tests with different signature algorithmsRené Korthaus2016-08-175-48/+24
| |
* | Merge GH #570 X509_Certificate APIsJack Lloyd2016-08-103-9/+58
| |
* | Merge GH #507 Add PKCS #11 supportJack Lloyd2016-07-041-1/+1
|\ \ | |/ |/|
| * add PKCS#11 supportDaniel Neus2016-06-171-1/+1
| |
* | Merge GH #487 Remove CVC certificates and EMSA1_BSI signature encodingJack Lloyd2016-06-1719-2353/+1
|\ \ | |/ |/|
| * remove the already bitrotting and probably broken CVC implementationDaniel Neus2016-05-1818-2350/+0
| |
| * remove all uses of EMSA1_BSIDaniel Neus2016-05-022-5/+3
| |
* | Add Not_Implemented exceptionJack Lloyd2016-06-073-7/+7
| |
* | Remove DN field requirements on generating certs and PKCS #10Jack Lloyd2016-05-233-22/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I have no idea why this is requiring the country code be set, but for many applications a country is not even meaningful. This change also allows CN to be empty/unset on the request or cert, since there is no actual requirement for any specific DN entry type and RFC 5280 specifically allows even an completely empty DN, with name information only in the subjectAltName extension. This change also allows generating a self-signed cert or cert request that expires before it starts. That could only happen with an explicit decision by the application to set it that way, and there is no harm in returning these non-secret bits. They will probably notice their problem as soon as the cert is rejected by any receiving system.
* | Merge GH #484 use explicit casts to avoids MSVC warning C4267Jack Lloyd2016-05-092-4/+4
|\ \ | |/ |/|
| * Add explicit static_cast operations to eliminate implicit cast compiler ↵Dan Brown2016-04-272-4/+4
| | | | | | | | warnings.
* | Add missing overrideJack Lloyd2016-04-281-1/+1
|/
* Move name constraints validation code to extension classRené Korthaus2016-04-173-101/+111
|
* Add Unknown_Critical_Extension typeRené Korthaus2016-04-103-16/+43
|
* Generate error on unknown critical extension during path validationRené Korthaus2016-04-069-19/+145
| | | | | | | | | | | | Previously unknown critical extensions were rejected during X509_Certificate constructor, which inhibited inspecting other parts of such a certificate. Refactored the certificate extensions code so that the path validation routine performs this check only. Additionally, added an interface for extensions to inspect the path during path validation. TODOs were added in places where existing path validation code can use the new interface. Fixes GH #449.
* Merge GH #454 X.509 name constraintsJack Lloyd2016-03-168-7/+630
|\
| * Changes from GH #454 reviewJack Lloyd2016-03-162-68/+72
| |
| * X.509 Name ConstraintsKai Michaelis2016-03-108-7/+626
| |
* | Trivial warning fixesJack Lloyd2016-03-091-8/+12
| |
* | Typos are easy to miss in code that is not compiled by default.Jack Lloyd2016-03-061-1/+1
| |
* | Merge GH #437 add X509_Certificate::v3_extensionsJack Lloyd2016-03-064-20/+35
|\ \ | | | | | | | | | | | | Makes it possible for an application to interpret some extension not supported by the library.
| * | +added fields for custom x509 extensionsChristopher Bläsius2016-02-294-20/+33
| |/ | | | | | | +Extensions now uses std::unique_ptr
* | Fix ordering of Charset::transcode argumentsJack Lloyd2016-03-061-1/+1
| | | | | | | | GH #438
* | Remaining cppcheck fixes that are not covered by GH #444Daniel Neus2016-03-051-11/+5
| |
* | cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-058-25/+25
|/ | | | explicit.
* Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-181-1/+1
|
* Merge GH #408 Add final attribute on many classesJack Lloyd2016-01-126-17/+17
|\
| * Add final attribute to many classesJack Lloyd2016-01-106-17/+17
| | | | | | | | | | | | | | In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* | Prefix more member vars with m_ prefixRené Korthaus2016-01-112-85/+85
|/
* Mass-prefix member vars with m_René Korthaus2016-01-0825-271/+283
|
* String comparision fixesDaniel Neus2016-01-048-11/+11
| | | | fix PVS-Studio perfomance warnings
* some trivial compiler/PVS-Studio warning fixesDaniel Neus2015-12-222-2/+2
|
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-115-16/+16
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Update and consolidate the test framework.Jack Lloyd2015-11-111-1/+1
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Add check for path validation result in Credentials_Manager. GH #324Jack Lloyd2015-11-042-1/+4
|
* Merge pull request #313 from randombit/path-validation-fixesJack Lloyd2015-10-267-96/+148
|\ | | | | Fix cert validation bugs found by x509test.
| * Fix cert validation bugs found by x509test.Jack Lloyd2015-10-237-96/+148
| | | | | | | | Add test suite with certs from x509test
* | Update doc for issuer_dn() and subject_dn()Simon Warta2015-10-202-8/+2
|/ | | | [ci skip]
* Export X.509 certificates to ffi and pythonJack Lloyd2015-10-011-0/+1
| | | | Missing path validation, probably other things
* Avoid concatination of charsSimon Warta2015-09-221-1/+1
| | | | | | | Ever tried? auto str = "some long string"; auto str2 = str + '\n'; It's not with the brainfuck finding the bug.
* Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-213-7/+8
|
* Sometimes we don't know the input format. But it is one of twoSimon Warta2015-08-113-6/+6
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-19 09:43:18 +0000